Top mobile security threats for 2013

Mobiles growing popularity with consumers and marketers is matched by an increase in the number of cyber attacks on smartphones. This means that security is likely to take on greater importance in 2013 compared to last year.

Malware targeting mobile users is already a big concern for the Android platform and the problem is likely to get worse before it gets better. Other areas of concern include worms, drive-by downloads, botnets and potential infrastructure attacks.

Mobile security will definitely be become a larger issue in 2013 as the increase of usage and dependency move up exponentially, said John Ceraolo, chief security officer at 3Cinteractive, Boca Raton, FL.

We will do more with mobile because we can and this is in no small part to having our demands met at unprecedented levels, he said. The interesting thing is that the protections needed for 2013 are not that different than they were in 2012 and the preceding years: lock your devices, use remote find/wipe tools, backups, etc.

Android a targetA wave of malware on Android phones is currently affecting China and Russia, with reports suggesting these countries are seeing a 40 percent infection rate.

While this strain of malware has not yet reached the U.S., it is likely to do so this year, per Mr. Ceraolo.

Android is no newcomer when it comes to malware, with cyber criminals focusing their attention on the platform because of how widely available it is. While Google has taken steps to address the growing problem of malware on Android devices, the growth in the number of new mobile malicious programs on the platform continued to grow quickly last year.

The problem, if it gets any bigger, could start to force mobile users to consider another platform and raise concern for marketers.

The bad guys will probably fine-tune their sheeps clothing if you will and we could see more of this in 2013, Mr. Ceraolo said. Since the Android has such a large market share, coupled with barely viable malware protection software for the platform, this could be a significant security issue. 

There is also the possibility that the first mass worm will appear on the Android platform, which would be capable of spreading itself via text messages and sending out like to itself as an online app store, per Ryan Naraine, security evangelist at Kaspersky Lab, Woburn, MA.

BYOD raises concernsOne of the big security issues for companies is the growing number of mobile devices being brought to work by employees and used for work purposes. In 2013, targeted attacks using mobile devices as the entry point could become a big issue for companies.

Mobile security will definitely be a bigger issue in 2013, Mr. Naraine said. More and more companies are allowing employees to bring their own devices and giving them access to corporate assets.

This puts business data at serious risk if there is a malware outbreak or if the device gets lost or stolen, he said.

Additionally, all mobile platforms are vulnerable to drive-by downloads targeting operating system vulnerabilities, which could emerge as a big problem this year. And, there are likely to be more mobile botnets.

Another, and potentially more devastating security issue, is a possible attack on critical infrastructure, per 3Cinteractives Mr. Ceraolo.

The continuing pressure in Washington to move forward on cyber security legislation is becoming more than just a passing headline, Mr. Ceraolo said. Well likely see this start with an Executive Order signing in January but the business impact, government involvement and privacy issues will need to get worked out next year.

While most of think of electrical and water when talking about critical infrastructure attacks, concerns about the backbone to support mobile communications should certainly be high on the list, he said.

Taking the proper stepsSome of the basic ways to protect a smartphone from cyber criminals recommended by Mr. Ceraolo in a post on his companys blog include setting a phone password, backing up data, getting apps only from trusted sources, installing security apps that find a phone and can wipe it, accepting app updates and only using secure networks.

If companies and consumers alike could focus their security habits on the ten simple steps listed there, many of the basic security issues could be thwarted before they even happen, Mr. Ceraolo said.

Bad guys will work hard if they have to but when its easier to find the mobile user who has done nothing to protect their device, you have saved them time, he said.

The Federal Communications Commission also recently released a very basic consumer-focused process called Smartphone Security Checker on its Web site to help users address security issues.

Users should also be aware of applications that ask to use their location information. While location-based services are a growing area of mobile marketing, they do present potential security issues for users, putting the onus on marketers to assure customers they are using the information responsibly.

Comments on "Top mobile security threats for 2013"

Part of the issue is the openness of the app stores on Android - which also makes it part of the appeal for users. Rather than Apple vetoing apps because they contain links to sites that might actually allow developers to make money that Apple can't collect on, Android allows freedom and flexibility. The problem is the platform becomes much like a personal PC - users either blindly trust everything, or trust nothing.

The issue is not the Android OS - the issue is how to get some level of reputation for apps that is based both on popularity and on an independent security / vulnerability scan. Another mitigator to the spread of malware might be a kernel based app blacklister, so apps found to be issues can be quickly prevented from accessing any underlying device functionality.

Pie in the sky ideas, but Android is likely to succeed or fail based on how corporations trust its use inside the firewall.